Your remote access tools are now the attackers’ favorite front door. πͺ
CVE-2026-1731 Β· Severity 9.9 Β· Critical unauthenticated remote code execution via WebSocket.
We are seeing attackers exploit @[BeyondTrust](urn:li:organization:12625) Remote Support and PRA instances within hours of exploit code appearing online. These tools are often highly privileged.
Attackers are now using this access to pull credentials directly from vaults. The @[CISA](urn:li:organization:13010360) Known Exploited Vulnerabilities catalog update confirms that mass exploitation is currently underway against unpatched on-premise servers.
The uncomfortable truth: The software you use to secure your environment is becoming your highest-risk point of failure.
β Patch all self-hosted Remote Support and PRA appliances to version BT26-02 immediately.
β Restrict appliance web portal access to internal VPN or known IP ranges only.
β Audit your credential vaults for any unauthorized password or key exports.
Have you verified that your remote support instances are fully patched this morning? π
#Cybersecurity #ZeroTrust #PatchManagement #IncidentResponse #CISO #CodeDefence